My customer’s coffee area used to have three urns for coffee. The standard practice was to make a new pot if you used up the last in the current pot. The pots were big, holding probably between 10 and 15 normal cups-sizes worth of coffee. Unsurprisingly, I had to make coffee about …

Just like what happened on www.picobusiness.com, this wordpress site was compromised. And I was able to restore this one in about 5 minutes, which is pretty cool. The old style wasn’t available anymore. Which might be a blessing 🙂

When I was a young programmer, COBOL was the primary “enterprise” business language. It had a few advantages: everyone knew it, hardware supported it, libraries extended it, no one got fired for using it. There were several other languages out there, that were used for various projects – FORTRAN, C, Pascal, Ada , to name …

Continuing on from my previous walkthrough on public-key cryptography, I also wanted to learn how you can sign documents using the private key, verifying the signature with the public key. The concept here is verification – was this message sent by someone with access to a specific private key. For example, consider Paul Revere, …

The basic concept of public-key cryptography (specifically, the RSA version) is always described as “finding the factors of large numbers is hard”. So if you can find two large prime numbers, and multiply them together, you get a very large number that is incredibly hard to factorize. But I’ve struggled with understanding how you …

Just like what happened on www.picobusiness.com, this wordpress site was compromised. And I was able to restore this one in about 5 minutes, which is pretty cool. The old style wasn’t available anymore. Which might be a blessing 🙂

When I was a young programmer, COBOL was the primary “enterprise” business language. It had a few advantages: everyone knew it, hardware supported it, libraries extended it, no one got fired for using it.

There were several other languages out there, that were used for various projects – FORTRAN, C, Pascal, Ada , to name a few big ones.

But it didn’t matter for “enterprise” software.

In the mid 90s, two things “exploded” – the Internet (because of the World Wide Web) and Java. Over the next decade or so, Java essentially took over as the “enterprise” software leader. Other languages had tried and failed. Java succeeded almost despite itself – the EJB constructs were incredibly clumsy and overly-complicated, it wasn’t super fast, and the language was (and is) often clunky.

But Java came with the Internet in its DNA – and as the Internet exploded, COBOL was simply not equipped to keep up.

Java succeeded because it rode the coattails of the “next big thing” all the way to glory. COBOL simply wasn’t the safe choice anymore, because it was clearly obsolete.

Over time, Java became the safe choice, the one with the libraries that everyone knew.

When you talk about a language displacing Java as the dominant “enterprise” language, you have to have the second part – you need a major upheaval that makes the world realize that Java isn’t the safe choice anymore.

So the key isn’t the features of your language. It’s finding the things that the language can do that Java can’t, and in such a way that it’s obvious Java won’t be able to do it for a long time.

I know Java, I make a living knowing Java, but I also know that it won’t last forever. But you’re probably not going to replace it anytime soon.

The concept here is verification – was this message sent by someone with access to a specific private key. For example, consider Paul Revere, waiting for a message from Robert Newman. What if somehow a British spy knew that Paul was expecting an email from Robert, and wanted to fool Paul by pretending to be Robert. For Paul to be sure the message is legitimately from Robert, it doesn’t matter whether the message was encrypted with Paul’s public key – after all, anyone could have the public key. To be verified, the message must be signed by Robert’s private key. Remember, this isn’t about encryption – the signature is “in the clear” – anyone can see it.

So we need a new public/private key pair for Robert Newman. Since I’ve already gone through the effort of explaining how to calculate them last time, I’ll just provide you with the numbers themselves this time:

n is 221

e is 191

d is 383

To sign text, you use the private key to create a cryptographic signature. Robert is following up from the previous email, he wants to tell Paul how many boats the British are rowing across the river. So he wants to send the message: “5”.

so:

m is 5

Signing

The signature s is calculated by the formula: m^d % n

Remember, d is part of the data that Paul has kept private. Only he knows what d is.

So when we send this communication to someone, we send both the message itself “5” and the signature: “177”

Verifying a Signature

To verify the signature, we want to see that s^e mod n == the message. Remember, e is part of the public key.

s ^ e is 177 ^ 191 or:

2306183577149085201596305325596159226547118569300925189229389857203796357207862044982857315199283790476827017647730527617852804108867519414430432193245871218986251822073578619863609881193149770246390198636414790783766688663380790017386360674016112360841035988551564172980501137196833264766988401289008585444215905916895724644294397505093631160639335548542153668065643942589783649622290133120663019258868021033347931734637973384273
And that number modulo n (i.e. 221) is:

5

And that’s how Paul can know that this message was sent by Robert Newman.

Bringing these things together

In the original scenario, Robert Newman wants to tell Paul that the British are coming by sea. So he encrypted the code number: “3” with Paul’s public key, knowing that only Paul can decrypt it. As you saw from the encryption demonstration walkthrough, the actual message that Robert sent was the value “70”.

And realistically, we’d want Robert to sign that message “70” with his private key. This provides the best of both worlds – only Paul can decrypt the message, and it could only have been sent by Robert.

So what is the value of the signature for a message with the value 70? I leave that as an exercise for you.

The basic concept of public-key cryptography (specifically, the RSA version) is always described as “finding the factors of large numbers is hard”. So if you can find two large prime numbers, and multiply them together, you get a very large number that is incredibly hard to factorize.

But I’ve struggled with understanding how you get from that fact to encrypted text. So, using some resources, I finally sat down and tried to walk through a simple example, just so I could get the concept. This is my story.

I used Google Sheets to do my work, and I ran into a problem right away – Google Sheets (and also Excel) can’t handle the ridiculously large numbers that get produced during the algorithm. So I found a website that provides an arbitrarily large number calculator:

Armed with these four resources, I was able to walk through a toy problem:

It is April 14th, 1775. Paul Revere is waiting for an encrypted message from Robert Newman, the sexton of the North Church. Robert will email him a message using Paul’s public key. Because ‘1’ is boring, the encrypted contents will either be ‘2’ if the British are coming by land, or ‘3’ if the British are coming by sea.

Calculating the Public and Private Key Pair

So first, Paul needs to calculate his public and private key pair. This being the 18th century, his mathematics are limited. So he uses very small prime numbers for p and q:

p = 11

q = 19

Using p and q, he can calculate n -> p x q = n == 209

so:

n = 209

Now, per the algorithm, he needs to calculate “Theta N” or Theta PQ” depending on who you ask. I’ll use Theta N

Theta N is (p-1) x (q – 1) == 180

so:

Theta N = 180

Now he has to find a number e such that e is relatively prime to Theta N. Relatively Prime, in this case, means a number x that doesn’t share any common factors with y. The simplest version of this is y – 1. In this case, y is Theta N which is 180. Which means that e is 180 – 1

so:

e = 179

Lastly, he needs to determine d. d is a number such that d x e modulo Theta N is 1 . There are a lot of numbers that fulfill this, but a relatively small one is 359 (179 * 359 == 64261) and then that number modulo Theta N is 1: (64261 % 180 == 1)

so:

d = 359

Paul keeps p, q and d a secret. He gives e and n to Robert Newman (the sexton of North Church, remember)?

Encrypting

It is now the evening of April 18th, 1775. Robert Newman is watching from his church steeple, and he sees the British rowing across the Charles river. “Two if by land, Three if by sea!” Robert Newman cries out. He quickly gets out his abacus and starts calculating.

The encrypted message is the number 3 . The algorithm says to raise the message to the power of e, and then modulo n . Remember, Paul gave Robert e and n on the 14th.

Now he just needs to divide this incredibly large number by n to get the answer. n is 209, and that incredibly large number modulo 209 is:

Drumroll….

3 !!!

Now, the question for you, dear reader, is to determine what the ciphertext would be if the British had been coming by land. I’ll give you a hint, C ^ d is 726 digits long, the first two digits are 40 and the last two digits are 25.

In a well-written article, John Sonmez writes an article about not taking yourself seriously. And it’s got some very valid points, ones that I completely agree with – I will make mistakes, and that’s ok. I will not always get it right the first time, or misunderstand things, and there’s no reason I should expect otherwise.

But I think he misses the key thing that paralyzes me on a regular basis, and keeps me from being more vocal about my opinions and philosophies (of software development, etc).

And that is that I don’t want to waste your time. You only have so many hours on this Earth, and if I write something that doesn’t make sense or doesn’t resonate, I feel bad, because I’ve wasted your time.

Now, obviously, this doesn’t matter to most people who post stuff – they are happy to post/write whatever, without a particular care about how it’s received. And I respect that, from a courage-of-willingness-to-share perspective. But I also think about the other side – the minutes that the reader is not getting back.

Obviously, if everyone felt this way, almost nothing would get written, except by sociopaths and narcissists. And I think that everyone can agree that a world in which only narcissists and sociopaths shared their opinions would be bad.

I’m of a similar age to him, and I had some of the same initial experiences – programming in BASIC on TRS-80s, TI-99/4a, and then Windows PCs. So I feel like I can knowledgeably comment on his article.

He writes:

Every now and then someone will say that we need more programmers. That every child should learn to program in school. That programming is the new writing.

…

If you try to cram more people into any profession, then the only additional people you will get are those who are average or even subaverage. If you do that, you will end up lowering the skill-average of that profession.

Ok. One can theorize about a world in which every single person who is “above average” in programming ability is already a programmer. If you add one more person, who must therefore be below average, you will be reducing the overall skill level.

But there is absolutely no reason to believe that is the actual world we live in. Programming is a skill without a lot of “sex appeal”, with known issues with misogyny and ageism. Lots of people who might have incredible talent never even start programming, because they don’t fit the standard “white / asian / indian guy” profile. The benefit of teaching everyone to code is that they will find that they enjoy and are good at it. That’s only part of the solution to the “we need more/better programmers”, but IMO, it’s a vital one.

Almost everyone will probably think that tools have become a lot better over time. But have they really?

…

Give a 14 year-old, one who has never even used a computer before, a computer in its original box and see how long it will take him or her to write their first program. My guess is that it will either take weeks or not be accomplished at all.

Well, let’s see. In order to write a simple tic-tac-toe game, you need to install javascript, a browser, and a text editor (and a tutorial to show you how to get started). Yes, that’s complicated.

Oh wait. all of those are already installed on your PC when you get it. Or on your Mac, or on your Linux box.

And in a lot of ways, Javascript is far superior to BASIC. You get a lot more graphical expressiveness for free, when you interact with HTML… but you don’t have to use that…. You have the source code for thousands of other Javascript programs just a right-click away (view source). It’s a simple introduction to programming, and if the 14yo enjoys it, he can then start to branch out towards compiled languages and editors and databases and registering for tools, etc, etc.

And that’s just to start. Consider this challenge: “Create an easily-installable audiovisual application for an embedded device which interacts with the touch sensors and delivers compressed sound data to the device’s audio drivers”

I decided I wanted to learn how to program on Android a few years ago. So I connected my phone to the USB of my computer, downloded the SDK, looked at some example code, and had a viable prototype soundboard app working on my phone in about 4 hours. The tools these days are often fantastic, especially considering how much complexity they abstract away.

If we ever actually get to a world where everyone who has a talent for programming is programming, that’s a good problem to have. Let’s get there first, before we start trying to fix other things.

So, hopefully at this point I’ve established that computer programming and understanding the law and the legal process are somewhat similar.

And that understanding the legal process without tremendous amounts of specialized knowledge is incredibly difficult.

And hopefully I’ve convinced you that the claim that “Everyone can code” is far, far too simplistic, given the tremendous amount of domain knowledge involved.

But let’s add another claim: programming is a form of art. Sure, it’s a form of engineering. But Stonehenge was also the output of engineering, and yet we recognize now that there is beauty and art involved in Stonehenge, not just engineering. Even the Mona Lisa involved modest amounts of engineering: the viscosity of the paint, the pressure of brush upon canvas, the manufacture of the canvas itself. All of those things are engineering disciplines. But the output was far more meaningful than the engineering involved.

When you start a software project, it is often an exceptionally wide-open field. You may have some constraints, some requirements, but significant portions of the work to be done are undiscovered.

There’s an old story about how to create a statue of an elephant. You take a block of stone, and you chip away everything that doesn’t look like an elephant. That’s deceptively simple, isn’t it? Really, the art isn’t in the chipping, it’s in the recognition that bits and pieces are starting to look like an elephant. In many ways, building software is taking a big empty block of “all possible solutions”, chipping away to remove things we don’t want, adding more to fill in parts we do want, until there’s nothing left but the system we want (or the customers want).

The soundtrack: https://soundcloud.com/inhisgroove/sets/wildstar-mmo-ost-cues – this is probably the best MMO soundtrack I’ve ever heard.

The combat – second best I’ve encountered. DDO was better (and probably will still hold the title for some time). But this is really good. The telegraph (floor ‘templates’ that show where the enemy is going to cause damage) makes the game more dynamic than other MMOs (again, other than DDO) and changes rules – you can have bosses with obliterating hits that other non-telegraphed MMOs simply can’t afford to include because they would be game-breaking without a template model.

The humor – wonderful job here – from the leveling, to the voices, to the monsters and random mobs, the items: Pants of Fealty (!) – the humor is consistent and delightful.

The depth – I am astonished at how much they’ve put into a just-launched game, in terms of content and features. It really puts other MMOs to shame. Housing, guilds, crafting, paths, top-end raiding, challenges, reputation, costumes, mounts, arena PvP all at launch? For shame, other MMOs. For shame. Considering it’s just launched, it also has a staggering amount of lore (more on that later)

The philosophy – I *love* that you progress in the pick-up quests based primarily on participation, rather than getting the final kill. It’s a brilliant twist – instead of only getting credit based on being the one to make the kill, you get some credit as long as you do any damage at all. This means that if I see someone fighting a tough monster, it is in both of our interests to work together to finish him. I can’t steal his kills, and he can’t steal mine. We both get loot. In addition, this frees Carbine to mix in tough monsters with the weak ones, since two people working together are far more than twice as effective as each of us working alone.

The lore – I can tell that there’s a deep underlying secret about the Eldan and Nexus – there’s some sort of major secret out there. I’ve seen hints of it (some sort of lurking purple horror), and I can tell by the way that random NPCs make random comments that they’ve put a lot of thought into the overall storyline of the planet.

A sense of the epic – Several times, there’s something that appears to be part of the background, but then it turns out to be an active, interactive object in the game. And then there was the time I walked over a rise to find myself face-to-face with a Godzilla-sized robot trying to climb out of a pit. WOW.

Areas of improvement

Grouping is a mixed bag. Usually, you can share in accomplishments, but sometimes, almost at random, you can’t, and so all three of you have to repeat the exact same step. DDO again stands at the top of the pile here.

Too many things to keep in your inventory – seeds and such are valuable, but take up space. I may have to experiment with farming, maybe it’s not as bad as it seems right now. There’s some variations – monsters that are way out of your league are glowing red, but it’s not uncommon to attack a monster, only to realize after you’ve engaged that it has 4x-6x the HPs you were expecting.

Difficulty variation – it can be tricky to realize that the reason I’m struggling – is that I’m in an area meant for higher level characters. I wish it would make that a bit more obvious, but that may just be a matter of paying more attention to the quest log.

Challenges – I like the *idea* of challenges, but mostly now I just turn them off immediately. Too many failures, and can be very distracting/frustrating when I’m at 99% when the timer runs out. Especially if that failure was because other people were competing with me to complete the challenge.

Visually, it’s a bit frantic. Can be tedious to try to sort through all the vendors and interactable objects and people and quest givers and, and, and…

Achievements – there’s an achievement log, but it just has the name, and no way of reading more about how I earned it, or what it might reward me with.

But I bet you couldn’t tell a 5 year old how to get from Tampa to Atlanta safely. Even if that 5-year-old had a perfect memory.

And the reason is obvious – the 5 year old is lacking a tremendous amount of knowledge about how things work. He doesn’t know how to deal with problems, and you simply can’t imagine or describe every single problem that the 5 year old could possibly have in the process of getting from Tampa to Atlanta.

Computers are like that 5 year old. They can do all sorts of wonderful things, within a relatively safe sandbox. But take them out of that sandbox, and they are lost. They lack domain knowledge. They lack perceptiveness of danger. They lack the skills to deal with unexpected adversity. And you don’t have enough time, smarts or imagination to correctly anticipate all that adversity – not without a tremendous amount of training and practice. I.e. a decade of experience “programming your 5 year old”.

When you imagine a future where “everyone can code”, you should mentally replace “everyone can code” with “everyone could give a five year old detailed instructions on how to safely get from Tampa to Atlanta without human intervention.”

So – let’s imagine a world without lawyers. (Side note: What do you call a bus full of lawyers driving off of a cliff? A good start!)

Ok. That was peaceful for a moment, but then the problems start mounting. Without lawyers, who decides the law? Police do. And while I respect the police, and think many of them do a fine job, there are bad cops out there, who do bad things. One needs only glance at the Internet to see story after story after story of police abusing the law, abusing rights, abusing due process.

If you get arrested, who helps you? I mean: let’s say you are at a train station, and you have the flu, and suddenly you vomit on the floor in front of someone. He tries to leap out of your way, knocks a woman over, and she falls onto the tracks. The police arrest you for battery, because you should have known better than to go to the train station when you were feeling nauseated.

Now, maybe you’re really smart, and you can master the law books and the case history and come up with a compelling defense for yourself. Maybe you can quickly master all of the “ceremony” attached to the courts – filling out the right forms at the right time, using the special magic words, bringing in the right data, etc, etc, etc. But if you can do all of that, you are a massive outlier. Most people couldn’t even hope to comprehend all of that, and the few that can require years and years of training to do it well.

Do you know what we call the equivalent of that in the software world? Debugging.

Law is hard. The legal codes are incredibly complex, full of specialized knowledge and specialized skills. Most people aren’t equipped to be lawyers. Software (rules to govern the execution the series of steps within a process) and law (rules to govern the rights, privileges and responsibilities of the people, and the processes by which those rules are enforced) are incredibly similar. Being good at software requires many of the same skills as being good at law: the ability to create mental models of the entire system in your head, all at once (or at least, of the subset of immediate consequence). The better and bigger (i.e. incorporating more rules) model you can carry in your head, the better you are at law, and the better you are at software.

Lawyer movies & TV shows, especially the funny ones, do this constantly – for example, how the cases wrap up at the end of Legally Blonde, and Liar Liar – specialized knowledge pulled from an entirely unrelated area of the law suddenly undermines the case.

But that’s my life, almost every day – “Bad thing X is happening.” To figure out why, I have to examine logs, examine the code, examine the database, test hypotheses, think about side effects and consequences and come up with a reason why, and a way to fix it. I pull in knowledge from all sorts of areas, and because I have decades of experience, I can do that without a second thought… usually.